Launch-Mode-Aware Context-Sensitive Activity Transition Analysis

Existing static analyses model activity transitions in Android apps context-insensitively, making it impossible to distinguish different activity launch modes, reducing the pointer analysis precision for an activity's callbacks, and potentially resulting in infeasible activity transition paths. In this paper, we introduce Chime, a launch-mode-aware context-sensitive activity transition analysis that models different instances of an activity class according to its launch mode and the transitions between activities context-sensitively, by working together with an object-sensitive pointer analysis. Our evaluation shows that our context-sensitive activity transition analysis is more precise than its context-insensitive counterpart in capturing activity transitions, facilitating GUI testing, and improving the pointer analysis precision.
